CVE-2015-6964

MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
multibitmultibit_hd
𝑥
< 0.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html
https://web.archive.org/web/20160506095434/https://multibit.org/blog/2015/07/25/bit-flipping-attack.html